
CN112953973B - Hybrid attack detection method for continuous variable quantum key distribution system - Google Patents

Publication number: CN112953973B
Authority: CN (China)
Prior art keywords: quantum key, attack, continuous variable, transmitting, receiving end
Legal status: Active
Application number: CN202110390368.3A
Other languages: Chinese (zh)
Other versions: CN112953973A (en)
Inventors: 黄端, 刘素素
Current assignee: Central South University
Original assignee: Central South University

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00: Machine learning
    • G06N20/10: Machine learning using kernel methods, e.g. support vector machines [SVM]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04B: TRANSMISSION
    • H04B10/00: Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70: Photonic quantum communication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852: Quantum cryptography

Abstract

The invention discloses a hybrid attack detection method for a continuous variable quantum key distribution system. The method comprises: building a continuous variable quantum key distribution attack detection system; using the built system to acquire continuous variable quantum key communication data under different attack modes, then processing the data and dividing it into sample sets; constructing and training a continuous variable quantum key distribution attack detection model based on multi-label learning to obtain an attack detection model; and monitoring actual communication with the attack detection model. By learning and identifying attack modes with the ranking support vector machine algorithm from multi-label learning, the method can accurately detect the attack types contained in a hybrid attack on a quantum key distribution system, and has high reliability, good practicability and a wide application range.

Description

Hybrid attack detection method for continuous variable quantum key distribution system

Technical field

The invention belongs to the field of quantum communication, and in particular relates to a hybrid attack detection method for a continuous variable quantum key distribution system.

Background

Built on information theory and the fundamental laws of quantum physics, quantum key distribution has the advantage of absolute security in theory and is one of the most important applications of quantum technology. Depending on the carrier, quantum key distribution is divided into discrete variable quantum key distribution (DVQKD) and continuous variable quantum key distribution (CVQKD). CVQKD started later than DVQKD but has a higher secret key rate, so CVQKD is applied more widely. The Gaussian modulated coherent state (GMCS) protocol is currently the easiest protocol to understand in terms of security and implementation, and it has been proven in theory to resist collective attacks. However, some practical attack strategies can still break the security of GMCS CVQKD in real deployments, such as the Trojan horse attack, wavelength attack, calibration attack, local oscillator intensity attack, saturation attack and homodyne detection blinding attack.

To address this, most current countermeasures add a suitable real-time monitoring module to the system; however, a real-time monitoring module can only defend against a single attack. In addition, because of imperfections in practical devices, the two legitimate parties must perform multiple rounds of iterative computation to obtain accurate estimates, and this happens only after key transmission is complete, so an attack cannot be detected accurately at the moment the attacker (Eve) carries it out. Some researchers have also proposed a universal attack detection scheme that resists as many attack types as possible, but that scheme can only detect one attack. In practice, Eve will not mount only one kind of attack, and several attackers may mount different attacks at the same time, which makes that scheme impractical.

Summary of the invention

The purpose of the present invention is to provide a hybrid attack detection method for a continuous variable quantum key distribution system that has high reliability, good practicability and a wide application range.

The hybrid attack detection method for a continuous variable quantum key distribution system provided by the present invention comprises the following steps:

S1. Build a continuous variable quantum key distribution attack detection system;

S2. Use the attack detection system built in step S1 to acquire continuous variable quantum key communication data under different attack modes;

S3. Process the communication data obtained in step S2 and divide it into sample sets;

S4. Construct a continuous variable quantum key distribution attack detection model based on multi-label learning, and train it with the sample sets obtained in step S3 to obtain the attack detection model;

S5. Use the attack detection model obtained in step S4 to monitor the communication process of an actual continuous variable quantum key distribution system, thereby achieving hybrid attack detection for the continuous variable quantum key distribution system.

The continuous variable quantum key distribution attack detection system of step S1 comprises a transmitting-end pulsed laser, a transmitting-end beam splitter, a transmitting-end phase modulator, a transmitting-end amplitude modulator, a transmitting-end polarization beam splitter, a receiving-end polarization beam splitter, a receiving-end first beam splitter, a receiving-end second beam splitter, a receiving-end phase modulator, a receiving-end amplitude modulator, a receiving-end optical power meter, a receiving-end synchronization clock, a receiving-end homodyne detector and a receiving-end controller. The transmitting-end pulsed laser, beam splitter, phase modulator, amplitude modulator and polarization beam splitter are connected in series in that order. The transmitting-end pulsed laser generates optical pulses and sends them to the transmitting-end beam splitter; the transmitting-end beam splitter splits the received optical pulses 10:90 into signal light and local oscillator light, sends the signal light to the transmitting-end phase modulator, and sends the local oscillator light to the transmitting-end polarization beam splitter; the transmitting-end phase modulator phase-modulates the received signal light and sends it to the transmitting-end amplitude modulator; the transmitting-end amplitude modulator amplitude-modulates the received optical signal and sends it to the transmitting-end polarization beam splitter; the transmitting-end polarization beam splitter applies time-division and polarization multiplexing to the received local oscillator light and the phase- and amplitude-modulated signal light, and delivers them to the receiving end. The receiving-end polarization beam splitter separates the received signal into signal light and local oscillator light, sends the signal light to the receiving-end amplitude modulator, and sends the local oscillator light to the receiving-end first beam splitter; the receiving-end first beam splitter splits the received local oscillator light 10:90 and passes the two beams to the receiving-end second beam splitter and the receiving-end phase modulator respectively; the receiving-end second beam splitter divides the received 90% beam of local oscillator light equally into two beams and sends them to the receiving-end optical power meter and the receiving-end synchronization clock respectively; the receiving-end phase modulator phase-modulates the received 10% beam of local oscillator light and sends it to the receiving-end homodyne detector; the receiving-end amplitude modulator applies maximum attenuation to the received signal light with a probability equal to a set value, then performs real-time shot noise estimation, and sends the result to the receiving-end homodyne detector; the receiving-end optical power meter measures optical power from the received signal and uploads the result to the receiving-end controller; the receiving-end synchronization clock generates a clock signal from the received signal and uploads the result to the receiving-end controller; the receiving-end homodyne detector performs homodyne detection on the received local oscillator light and signal light and uploads the result to the receiving-end controller; the receiving-end controller performs sampling and attack detection on the received signals.

Acquiring continuous variable quantum key communication data under different attack modes in step S2 specifically means acquiring the continuous variable quantum key communication data during normal communication and the continuous variable quantum key communication data under attack; the attacks comprise single-mode or combined-mode attacks drawn from the calibration attack, low-intensity attack, intercept-resend attack and saturation attack.

Processing the communication data obtained in step S2 and dividing it into sample sets in step S3 is specifically as follows: for the continuous variable quantum key communication data in the normal communication mode and under attack, the measurement data are labelled as d-dimensional features $X = \{x_1, x_2, \ldots, x_d\}$, where

Figure GDA0003551849750000041

$I_{LOi}$ is the intensity of the local oscillator light in the i-th group of measurement data, $N_{0i}$ is the shot noise variance in the i-th group of measurement data,

Figure GDA0003551849750000042

is the quadrature mean measured at the receiving end in the i-th group of measurement data, and $V_{ui}$ is the quadrature variance measured at the receiving end in the i-th group of measurement data. The q possible attack types are labelled as the multi-label space $Y = \{y_1, y_2, \ldots, y_q\}$, where each y takes the value 0 or 1; 0 means the system is not under that attack and 1 means it is. The sample data $D = \{(x_i, y_i) \mid 1 \le i \le n\}$ are constructed, normalized with the min-max normalization algorithm, and finally divided into a training set and a test set according to a set ratio.

Constructing the continuous variable quantum key distribution attack detection model based on multi-label learning in step S4 specifically uses the following steps:

A. The internal structure of the model is the ranking support vector machine of the multi-label algorithm, which comprises training a linear model and training a threshold function;

B. Training the linear model is specifically as follows:

Each label is judged as relevant or irrelevant; the classification hyperplane corresponding to a relevant label $y_j$ and an irrelevant label $y_k$ is expressed as:

$\langle \omega_j - \omega_k, x \rangle + b_j - b_k = 0$

where $\omega_j$ is the weight of label $y_j$; $\omega_k$ is the weight of label $y_k$; $b_k$ is the offset of label $y_k$; $b_j$ is the offset of label $y_j$;

The optimization problem solved by the algorithm in practice, namely the sum of maximizing the decision margin and minimizing the ranking loss function, is expressed as:

Figure GDA0003551849750000043

Constraints: $\langle \omega_j - \omega_k, x_i \rangle + b_j - b_k \ge 1 - \xi_{ijk}$

Figure GDA0003551849750000051

where $\xi_{ijk}$ is the slack variable,

Figure GDA0003551849750000052

is the set of slack variables; C is the penalty factor;

C. Training the threshold function is specifically as follows:

The threshold is expressed as:

Figure GDA0003551849750000053

where $f_k(x_i) = \langle \omega_k, x_i \rangle + b_k$, and f(·) returns a real value representing the output of the multi-label classification system on each label; Y is the label space;

Figure GDA0003551849750000054

is the complement of the label space; t is the set threshold;

D. Based on the trained linear model and the trained threshold function, the final multi-label classifier is $h(x) = \{y_k \mid f_k(x) > t(x),\ 1 \le k \le q\}$; q is the number of possible attack types; t(·) is the threshold function used in step C; the final output of h(x) is a string of 0s and 1s indicating whether each attack is present.

The hybrid attack detection method for a continuous variable quantum key distribution system provided by the present invention learns and identifies attack modes with the ranking support vector machine algorithm from multi-label learning. This ensures that the method can accurately detect the attack types contained in a hybrid attack on a quantum key distribution system, and the method has high reliability, good practicability and a wide application range.

Description of drawings

FIG. 1 is a schematic flow chart of the method of the present invention.

FIG. 2 is a functional block diagram of the continuous variable quantum key distribution attack detection system in the method of the present invention.

Detailed description

FIG. 1 is a schematic flow chart of the method of the present invention. The hybrid attack detection method for a continuous variable quantum key distribution system provided by the present invention comprises the following steps:

S1. Build a continuous variable quantum key distribution attack detection system;

S2. Use the attack detection system built in step S1 to acquire continuous variable quantum key communication data under different attack modes; specifically, acquire the continuous variable quantum key communication data during normal communication and the continuous variable quantum key communication data under attack; the attacks comprise single-mode or combined-mode attacks drawn from the calibration attack, low-intensity attack, intercept-resend attack and saturation attack, giving 15 attack modes in total;

S3. Process the communication data obtained in step S2 and divide it into sample sets; specifically, for the continuous variable quantum key communication data in the normal communication mode and under attack, the measurement data are labelled as d-dimensional features $X = \{x_1, x_2, \ldots, x_d\}$, where

Figure GDA0003551849750000061

$I_{LOi}$ is the intensity of the local oscillator light in the i-th group of measurement data, $N_{0i}$ is the shot noise variance in the i-th group of measurement data,

Figure GDA0003551849750000062

is the quadrature mean measured at the receiving end in the i-th group of measurement data, and $V_{ui}$ is the quadrature variance measured at the receiving end in the i-th group of measurement data. The q possible attack types are labelled as the multi-label space $Y = \{y_1, y_2, \ldots, y_q\}$, where each y takes the value 0 or 1; 0 means the system is not under that attack and 1 means it is. The sample data $D = \{(x_i, y_i) \mid 1 \le i \le n\}$ are constructed, normalized with the min-max normalization algorithm, and finally divided into a training set and a test set according to a set ratio;

S4. Construct a continuous variable quantum key distribution attack detection model based on multi-label learning, and train it with the sample sets obtained in step S3 to obtain the attack detection model; specifically, the model is constructed with the following steps:

A. The internal structure of the model is the ranking support vector machine of the multi-label algorithm, which comprises training a linear model and training a threshold function;

B. Training the linear model is specifically as follows:

Each label is judged as relevant or irrelevant; the classification hyperplane corresponding to a relevant label $y_k$ and an irrelevant label $y_l$ is expressed as:

$\langle \omega_j - \omega_k, x \rangle + b_j - b_k = 0$

where $\omega_j$ is the weight of label $y_j$; $\omega_k$ is the weight of label $y_k$; $b_k$ is the offset of label $y_k$; $b_j$ is the offset of label $y_j$;

The optimization problem solved by the algorithm in practice, namely the sum of maximizing the decision margin and minimizing the ranking loss function, is expressed as:

Figure GDA0003551849750000071

Constraints: $\langle \omega_j - \omega_k, x_i \rangle + b_j - b_k \ge 1 - \xi_{ijk}$

Figure GDA0003551849750000072

where $\xi_{ijk}$ is the slack variable,

Figure GDA0003551849750000073

is the set of slack variables; C is the penalty factor;

C. Training the threshold function is specifically as follows:

The threshold is expressed as:

Figure GDA0003551849750000074

where $f_k(x_i) = \langle \omega_k, x_i \rangle + b_k$, and f(·) returns a real value representing the output of the multi-label classification system on each label; Y is the label space;

Figure GDA0003551849750000075

is the complement of the label space; t is the set threshold;

D. Based on the trained linear model and the trained threshold function, the final multi-label classifier is $h(x) = \{y_k \mid f_k(x) > t(x),\ 1 \le k \le q\}$; q is the number of possible attack types; t(·) is the threshold function used in step C; the final output of h(x) is a string of 0s and 1s indicating whether each attack is present.

S5. Use the attack detection model obtained in step S4 to monitor the communication process of an actual continuous variable quantum key distribution system, thereby achieving hybrid attack detection for the continuous variable quantum key distribution system.
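Steps S3 to S5 as a runnable sketch. This is an added example, not code from the patent: the feature order [I_LO, N_0, quadrature mean, V_u], the sample values and the per-attack shifts are constructed toy data, not a physical model of any attack. Two substitutions are assumed: the pairwise constraint ⟨ω_j − ω_k, x⟩ + b_j − b_k ≥ 1 is enforced with margin-perceptron updates instead of solving the penalized optimization problem, and the threshold t(x) is a jointly trained linear "virtual label", because the patent's threshold formula survives on this page only as a figure reference.

```python
import itertools
import random

# Attack types named in step S2: q = 4 labels, 15 attack modes plus normal.
ATTACKS = ["calibration", "low_intensity", "intercept_resend", "saturation"]
Q = len(ATTACKS)

def make_samples(reps=4, seed=7):
    """Constructed toy data, not a physical model of any attack.
    Assumed feature order: [I_LO, N_0, quadrature mean, V_u]."""
    rng = random.Random(seed)
    base = [1.0, 0.4, 0.0, 2.0]    # constructed baseline values
    shift = [0.5, 0.2, 1.0, 3.0]   # constructed: attack k moves feature k
    data = []
    for y in itertools.product([0, 1], repeat=Q):   # all 16 label vectors
        for _ in range(reps):
            x = [base[k] + shift[k] * (y[k] + rng.uniform(-0.05, 0.05))
                 for k in range(Q)]
            data.append((x, list(y)))
    return data

def minmax_normalize(data):
    """Step S3: min-max scale each feature to [0, 1] over the sample set."""
    d = len(data[0][0])
    lo = [min(x[k] for x, _ in data) for k in range(d)]
    hi = [max(x[k] for x, _ in data) for k in range(d)]
    span = [(hi[k] - lo[k]) or 1.0 for k in range(d)]   # constant feature -> 0
    return [([(x[k] - lo[k]) / span[k] for k in range(d)], y) for x, y in data]

def split(data, every=4):
    """Step S3: deterministic 3:1 split into training and test sets."""
    train_set = [s for i, s in enumerate(data) if i % every != 0]
    test_set = [s for i, s in enumerate(data) if i % every == 0]
    return train_set, test_set

def scores(W, x):
    """f_k(x) = <w_k, x> + b_k per row of W; the last row gives t(x)."""
    return [sum(w * v for w, v in zip(row, x)) + row[-1] for row in W]

def ranked_pairs(y):
    """(higher, lower) row pairs: relevant > threshold > irrelevant."""
    t = len(y)                                   # index of the threshold row
    rel = [k for k in range(t) if y[k] == 1]
    irr = [k for k in range(t) if y[k] == 0]
    return ([(j, k) for j in rel for k in irr]
            + [(j, t) for j in rel] + [(t, k) for k in irr])

def train(samples, max_epochs=2000):
    """Step S4 (substituted solver): update until every pair has margin >= 1."""
    d = len(samples[0][0])
    W = [[0.0] * (d + 1) for _ in range(Q + 1)]  # bias stored in last column
    for epoch in range(1, max_epochs + 1):
        updates = 0
        for x, y in samples:
            for hi, lo in ranked_pairs(y):
                f = scores(W, x)
                if f[hi] - f[lo] < 1.0:          # margin constraint violated
                    for k in range(d):
                        W[hi][k] += x[k]
                        W[lo][k] -= x[k]
                    W[hi][d] += 1.0
                    W[lo][d] -= 1.0
                    updates += 1
        if updates == 0:
            return W, epoch                      # all constraints satisfied
    return W, None                               # did not converge

def detect(W, x):
    """Step D: h(x) = {y_k | f_k(x) > t(x)}, returned as a 0/1 string."""
    f = scores(W, x)
    return "".join("1" if f[k] > f[Q] else "0" for k in range(Q))

def exact_match(W, samples):
    """Fraction of samples whose whole predicted label string is correct."""
    hits = sum(detect(W, x) == "".join(map(str, y)) for x, y in samples)
    return hits / len(samples)

def ranking_loss(W, samples):
    """Fraction of (relevant, irrelevant) label pairs ranked the wrong way."""
    bad = total = 0
    for x, y in samples:
        f = scores(W, x)
        for j, k in itertools.product(range(Q), repeat=2):
            if y[j] == 1 and y[k] == 0:
                total += 1
                bad += f[j] <= f[k]
    return bad / total

if __name__ == "__main__":
    train_set, test_set = split(minmax_normalize(make_samples()))
    W, epochs = train(train_set)
    print("epochs to converge:", epochs)
    print("train/test exact match:",
          exact_match(W, train_set), exact_match(W, test_set))
    x, y = test_set[11]                          # labels 1011: a mixed attack
    print("truth", y, "detected", dict(zip(ATTACKS, detect(W, x))))
```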

FIG. 2 shows the continuous variable quantum key distribution attack detection system of step S1 in the method of the present invention. The system comprises a transmitting-end pulsed laser, a transmitting-end beam splitter, a transmitting-end phase modulator, a transmitting-end amplitude modulator, a transmitting-end polarization beam splitter, a receiving-end polarization beam splitter, a receiving-end first beam splitter, a receiving-end second beam splitter, a receiving-end phase modulator, a receiving-end amplitude modulator, a receiving-end optical power meter, a receiving-end synchronization clock, a receiving-end homodyne detector and a receiving-end controller. The transmitting-end pulsed laser, beam splitter, phase modulator, amplitude modulator and polarization beam splitter are connected in series in that order. The transmitting-end pulsed laser generates optical pulses and sends them to the transmitting-end beam splitter; the transmitting-end beam splitter splits the received optical pulses 10:90 into signal light and local oscillator light, sends the signal light to the transmitting-end phase modulator, and sends the local oscillator light to the transmitting-end polarization beam splitter; the transmitting-end phase modulator phase-modulates the received signal light and sends it to the transmitting-end amplitude modulator; the transmitting-end amplitude modulator amplitude-modulates the received optical signal and sends it to the transmitting-end polarization beam splitter; the transmitting-end polarization beam splitter applies time-division and polarization multiplexing to the received local oscillator light and the phase- and amplitude-modulated signal light, and delivers them to the receiving end. The receiving-end polarization beam splitter separates the received signal into signal light and local oscillator light, sends the signal light to the receiving-end amplitude modulator, and sends the local oscillator light to the receiving-end first beam splitter; the receiving-end first beam splitter splits the received local oscillator light 10:90 and passes the two beams to the receiving-end second beam splitter and the receiving-end phase modulator respectively; the receiving-end second beam splitter divides the received 90% beam of local oscillator light equally into two beams and sends them to the receiving-end optical power meter and the receiving-end synchronization clock respectively; the receiving-end phase modulator phase-modulates the received 10% beam of local oscillator light and sends it to the receiving-end homodyne detector; the receiving-end amplitude modulator applies maximum attenuation to the received signal light with a probability equal to a set value, then performs real-time shot noise estimation, and sends the result to the receiving-end homodyne detector; the receiving-end optical power meter measures optical power from the received signal and uploads the result to the receiving-end controller; the receiving-end synchronization clock generates a clock signal from the received signal and uploads the result to the receiving-end controller; the receiving-end homodyne detector performs homodyne detection on the received local oscillator light and signal light and uploads the result to the receiving-end controller; the receiving-end controller performs sampling and attack detection on the received signals.

Claims (3)

1. A hybrid attack detection method aiming at a continuous variable quantum key distribution system comprises the following steps:
s1, building a continuous variable quantum key distribution attack detection system;
s2, acquiring continuous variable quantum key communication data in different attack modes by adopting the continuous variable quantum key distribution attack detection system established in the step S1;
s3, carrying out data processing on the communication data obtained in the step S2, and dividing a sample set; specifically, the method marks continuous variable quantum key communication data in a normal communication mode and an attack mode as d-dimensional characteristic X ═ X1,x2,...,xdTherein of
Figure FDA0003551849740000011
ILOiFor the intensity of the local oscillator light, N, in the ith set of measurement data0iFor shot noise variance in the ith set of measurement data,
Figure FDA0003551849740000012
is the orthogonal average value, V, measured by the receiving end in the ith group of measured datauiThe orthogonal variance measured by a receiving end in the ith group of measurement data; the q possible attack types are marked as multi-label space Y ═ Y1,y2,...,yqY is 0 or 1, 0 represents that the attack is not suffered, 1 tableIndicating that the attack is suffered; constructing sample data D { (x)i,yi) I is more than or equal to 1 and less than or equal to n; then, carrying out data normalization processing on the sample data by adopting a maximum and minimum normalization algorithm, and finally dividing the sample data into a training set and a test set according to a set proportion;
S4, constructing a continuous variable quantum key distribution attack detection model based on multi-label learning, and training it with the sample set obtained in step S3 to obtain the attack detection model; specifically, the model is constructed by the following steps:
A. the internal structure of the model is a ranking support vector machine, a multi-label algorithm, which comprises training a linear model and training a threshold function;
B. training the linear model is specifically as follows:
labels are judged as relevant or irrelevant; the classification hyperplane corresponding to a relevant label $y_k$ and an irrelevant label $y_l$ is expressed by the following formula:
$\langle \omega_j - \omega_k, x \rangle + b_j - b_k = 0$
where $\omega_j$ is the weight of label $y_j$; $\omega_k$ is the weight of label $y_k$; $b_k$ is the offset of label $y_k$; $b_j$ is the offset of label $y_j$;
the optimization problem corresponding to the algorithm in the real case is expressed by the following formula, the sum of maximizing the decision margin and minimizing the ranking loss function:
Figure FDA0003551849740000021
constraint conditions: $\langle \omega_j - \omega_k, x_i \rangle + b_j - b_k \ge 1 - \xi_{ijk}$
$\xi_{ijk} > 0,\ 1 \le i \le n,$
Figure FDA0003551849740000022
where $\xi_{ijk}$ is a slack variable,
Figure FDA0003551849740000023
is the set of slack variables; C is the penalty factor;
C. training the threshold function is specifically as follows:
the threshold is expressed by the following formula:
Figure FDA0003551849740000024
where $f_k(x_i) = \langle \omega_k, x_i \rangle + b_k$; $f(\cdot)$ returns a real value representing the output of the multi-label classification system on each label; Y is the label space;
Figure FDA0003551849740000025
is the complement of the label space; t is the set threshold;
D. based on the trained linear model and the trained threshold function, the final multi-label classifier $h(x) = \{y_k \mid f_k(x) > t(x),\ 1 \le k \le q\}$ is obtained; q is the number of possible attack types; $t(\cdot)$ is the threshold function employed; h(x) finally outputs a string of 0s and 1s, indicating for each attack type whether that attack has been suffered;
S5, monitoring the communication process of the actual continuous variable quantum key distribution system with the attack detection model obtained in step S4, thereby realizing hybrid attack detection for the continuous variable quantum key distribution system.
2. The hybrid attack detection method for the CVQKD (continuous variable quantum key distribution) system as claimed in claim 1, wherein the CVQKD attack detection system of step S1 comprises a transmitting-end pulse laser, a transmitting-end beam splitter, a transmitting-end phase modulator, a transmitting-end amplitude modulator, a transmitting-end polarization beam splitter, a receiving-end first beam splitter, a receiving-end second beam splitter, a receiving-end phase modulator, a receiving-end amplitude modulator, a receiving-end light rate meter, a receiving-end synchronous clock, a receiving-end homodyne detector and a receiving-end controller; the transmitting end pulse laser, the transmitting end beam splitter, the transmitting end phase modulator, the transmitting end amplitude modulator and the transmitting end polarization beam splitter are sequentially connected in series; the transmitting end pulse laser is used for generating optical pulses and transmitting the optical pulses to the transmitting end beam splitter; the transmitting end beam splitter is used for splitting the received optical pulse into signal light and local oscillator light according to the ratio of 10:90, transmitting the signal light to the transmitting end phase modulator and transmitting the local oscillator light to the transmitting end polarization beam splitter; the transmitting end phase modulator is used for carrying out phase modulation on the received signal light and then sending the signal light to the transmitting end amplitude modulator; the transmitting end amplitude modulator is used for carrying out amplitude modulation on the received optical signal and then transmitting the optical signal to the transmitting end polarization beam splitter; the transmitting end polarization beam splitter is used for transmitting the received local oscillator light and the phase- and amplitude-modulated signal light to the receiving end after time division and polarization multiplexing; the receiving end polarization beam splitter splits the received signal into signal light and local oscillator light, sends the signal light to the receiving end amplitude modulator, and sends the local oscillator light to the receiving end first beam splitter; the receiving end first beam splitter is used for splitting the received local oscillator optical signal according to the ratio of 10:90 and respectively transmitting the split signals to the receiving end second beam splitter and the receiving end phase modulator; the receiving end second beam splitter is used for evenly splitting the received 90% local oscillator optical signal into two beams and respectively sending the two beams to the receiving end light rate meter and the receiving end synchronous clock; the receiving end phase modulator is used for carrying out phase modulation on the received 10% local oscillator optical signal and then sending the modulated local oscillator optical signal to the receiving end homodyne detector; the receiving end amplitude modulator is used for carrying out real-time shot noise estimation after the received signal light is subjected to maximum attenuation with a probability equal to a set value, and sending the result to the receiving end homodyne detector; the receiving end light rate meter is used for detecting optical power according to the received signal and uploading the result to the receiving end controller; the receiving end synchronous clock is used for generating a clock signal according to the received signal and uploading the result to the receiving end controller; the receiving end homodyne detector is used for carrying out homodyne detection on the received local oscillator light and the received signal light and uploading the result to the receiving end controller; and the receiving end controller is used for sampling and attack detection according to the received signals.
3. The hybrid attack detection method for a continuous variable quantum key distribution system according to claim 1 or 2, wherein acquiring continuous variable quantum key communication data in different attack modes in step S2 specifically comprises acquiring continuous variable quantum key communication data during normal communication and acquiring continuous variable quantum key communication data under attack; the attacks include single-mode attacks or combined-mode attacks among calibration attacks, low-strength attacks, intercept-retransmit attacks, and saturation attacks.
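As an added illustration of steps S3 to S5 of claim 1 (not code from the patent), the sketch below runs max-min normalization, trains a linear ranking model on the pairwise hinge loss, and applies the decision rule h(x). The feature values, per-attack offsets and hyperparameters are constructed; because the threshold formula survives on this page only as a figure reference, t(x) is taken here as the score of a jointly trained virtual label (calibrated label ranking), an assumed substitute for the claimed threshold training.

```python
from itertools import combinations

ATTACKS = ("calibration", "low-strength", "intercept-retransmit", "saturation")
BASE = (1.0e7, 0.40, 0.00, 1.20)    # constructed normal values of (I_LO, N_0, mean, V_u)
SHIFT = (2.0e6, 0.10, 0.30, 0.50)   # constructed: attack k offsets feature k only (toy model)

def make_samples(max_hybrid=2):
    """Constructed traces: normal, plus every combination of up to max_hybrid attacks."""
    sets = [c for r in range(max_hybrid + 1) for c in combinations(range(len(ATTACKS)), r)]
    return [([b + s * (k in on) for k, (b, s) in enumerate(zip(BASE, SHIFT))],
             [int(k in on) for k in range(len(ATTACKS))]) for on in sets]

def scale(x, lo, hi):  # max-min normalization with bounds taken from the training set
    return [(v - l) / (h - l) for v, l, h in zip(x, lo, hi)]

def scores(W, b, x):
    return [sum(w * v for w, v in zip(row, x)) + bk for row, bk in zip(W, b)]

def train(data, q, lr=0.01, lam=0.01, epochs=500):
    """Batch subgradient descent on lam/2*||W||^2 + pairwise hinge ranking loss.
    Row q is a virtual label whose score serves as the threshold t(x) (assumption)."""
    W, b = [[0.0] * len(data[0][0]) for _ in range(q + 1)], [0.0] * (q + 1)
    for _ in range(epochs):
        gW, gb = [[lam * w for w in row] for row in W], [0.0] * (q + 1)
        for x, y in data:
            f = scores(W, b, x)
            for k in range(q):
                # relevant labels must outrank the virtual label; it must outrank the rest
                up, down = (k, q) if y[k] else (q, k)
                if f[up] - f[down] < 1.0:        # slack > 0: margin constraint violated
                    gb[up] -= 1.0
                    gb[down] += 1.0
                    for m, v in enumerate(x):
                        gW[up][m] -= v
                        gW[down][m] += v
        W = [[w - lr * g for w, g in zip(rw, rg)] for rw, rg in zip(W, gW)]
        b = [v - lr * g for v, g in zip(b, gb)]
    return W, b

def build_model():
    raw = make_samples()                          # training set: normal, single, pairwise
    cols = list(zip(*[x for x, _ in raw]))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    W, b = train([(scale(x, lo, hi), y) for x, y in raw], len(ATTACKS))
    return W, b, lo, hi

def detect(W, b, lo, hi, x):
    """h(x) = {y_k | f_k(x) > t(x)} as a 0/1 string, one bit per attack type."""
    f = scores(W, b, scale(x, lo, hi))
    return "".join("1" if fk > f[-1] else "0" for fk in f[:-1])
```

Calling `detect(*build_model(), x)` on the three-attack traces from `make_samples(3)`, which are held out of training, checks that the learned ranking generalizes to an unseen hybrid combination.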
CN202110390368.3A 2021-04-12 2021-04-12 Hybrid attack detection method for continuous variable quantum key distribution system Active CN112953973B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110390368.3A CN112953973B (en) 2021-04-12 2021-04-12 Hybrid attack detection method for continuous variable quantum key distribution system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110390368.3A CN112953973B (en) 2021-04-12 2021-04-12 Hybrid attack detection method for continuous variable quantum key distribution system

Publications (2)

Publication Number Publication Date
CN112953973A CN112953973A (en) 2021-06-11
CN112953973B true CN112953973B (en) 2022-05-06

Family

ID=76231906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110390368.3A Active CN112953973B (en) 2021-04-12 2021-04-12 Hybrid attack detection method for continuous variable quantum key distribution system

Country Status (1)

Country Link
CN (1) CN112953973B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113452523B (en) * 2021-06-29 2022-06-17 中南大学 Anomaly communication detection method for continuous variable quantum key distribution process
CN115694792B (en) * 2021-10-09 2024-07-30 科大国盾量子技术股份有限公司 Method and device capable of detecting strong pulse light-induced blind attack and receiving end
CN114268433B (en) * 2021-12-27 2024-04-16 中南大学 Nonlinear compensation method of high-speed continuous variable quantum key distribution system
CN116208321A (en) * 2022-12-27 2023-06-02 中国人民解放军战略支援部队信息工程大学 Quantitative characterization and security level grading method and device for security parameters of quantum key distribution algorithm
CN116319010B (en) * 2023-03-21 2023-11-21 南京邮电大学 Detection method of QKD system defects and hacker attacks based on machine learning

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788706A (en) * 2016-12-05 2017-05-31 上海交通大学 The continuous variable quantum key delivering method of actual attack can be resisted
CN107947929A (en) * 2017-12-28 2018-04-20 中南大学 Continuous variable quantum key distribution system and implementation method based on k neighbours processing

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2879381B1 (en) * 2004-12-15 2008-12-26 Thales Sa QUANTUM QUANTUM DISTRIBUTION SYSTEM OF CONTINUOUSLY VARIABLE ENCRYPTION KEY
US11972329B2 (en) * 2018-12-31 2024-04-30 Xerox Corporation Method and system for similarity-based multi-label learning
CN111970280B (en) * 2020-08-18 2022-05-06 中南大学 Attack detection method of continuous variable quantum key distribution system
CN111988130B (en) * 2020-08-18 2022-06-07 中南大学 Attack detection method for device defects in discrete quantum key distribution
CN111970279B (en) * 2020-08-18 2022-06-07 中南大学 Continuous variable quantum key distribution attack detection method and detection system
CN112134683B (en) * 2020-09-22 2022-02-15 中南大学 Attack Detection Method for Discrete Variable Quantum Key Distribution System
CN112511300B (en) * 2020-12-24 2022-04-08 中南大学 Continuous variable quantum key distribution system and method based on differential phase shift

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788706A (en) * 2016-12-05 2017-05-31 上海交通大学 The continuous variable quantum key delivering method of actual attack can be resisted
CN107947929A (en) * 2017-12-28 2018-04-20 中南大学 Continuous variable quantum key distribution system and implementation method based on k neighbours processing

Also Published As

Publication number Publication date
CN112953973A (en) 2021-06-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant